1. Field of the Invention
The present invention relates to computer system resource management. More particularly, the present invention relates to a system and method of accessing and manipulating memory regions.
2. Description of the Related Art
Computer systems are often subject to invasive or malicious software. To combat such invasions, software is often analyzed, i.e., assessed, to determine its trustworthiness and to identify malicious code elements in the software.
Such a software assessment method, however, is computationally intensive. To illustrate, a packed executable is run in an isolated process, e.g., a debuggee, on a computer system. A debugger or code emulator on the computer system analyzes the execution and the results of the execution. Each time the debugger needs to access the memory of the debuggee, the debugger makes a call to an operating system function such as a read process memory function or a write process memory function. Each system call results in a context switch from user mode to kernel mode to accomplish the memory access. Completion of each access operation results in another context switch from kernel mode to user mode, to permit continuation of execution of the debugger. Excessive context switches incur overhead costs and degrade computer performance.
The foregoing costs and inefficiencies associated with traditional methods of analyzing software render such methods unviable in a real time computer system environment.